CVE-2025-41010

Name of the Vulnerable Software and Affected Versions Hiberus Sintra (affected versions not specified)

Description An incorrect Cross-Origin Resource Sharing (CORS) configuration exists in Hiberus Sintra. CORS allows browsers to make cross-domain requests in a controlled manner, using the “Origin” header to identify the requesting domain and define the protocol between the browser and server. An attacker could exploit this issue, particularly when Access-Control-Allow-Credentials is enabled, to potentially perform privileged actions and access confidential information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.